On Wed, 14 May 2025 08:29:06 +0200
Gregory Kohring via Postfix-users wrote:
[snip]
>
> "All outgoing mail from our network is relayed through a spam
> filtering system that may affect how certain TLS negotiation
> stages (like 250-STARTTLS) are exposed during the
> SMTP handshake.
>
> That sa
On 14.05.2025 at 20:17:31 Viktor Dukhovni via Postfix-users wrote:
> Regardless, indeed it should be possible to find an ISP with a less
> invasive policy, though they'd still need to be responsive to spam
> complaints and close down SMTP access for customers who violate AUP,
> or else the I
On Wed, May 14, 2025 at 10:16:50AM +0200, Jaroslaw Rafa via Postfix-users wrote:
> On 14.05.2025 at 08:29:06 Gregory Kohring via Postfix-users wrote:
> > Unfortunately, this is standard industry practice and cannot be
> > disabled."
>
> Utter bullshit. Doing a MiTM attack (because that's in
On 14.05.2025 at 08:29:06 Gregory Kohring via Postfix-users wrote:
> Unfortunately, this is standard industry practice and cannot be
> disabled."
Utter bullshit. Doing a MiTM attack (because that's in fact what they do) on
your server is a "standard industry practice"? What a bold statement
On Wed, May 14, 2025 at 08:29:06AM +0200, Gregory Kohring via Postfix-users
wrote:
> "All outgoing mail from our network is relayed through a spam
> filtering system that may affect how certain TLS negotiation stages
> (like 250-STARTTLS) are exposed during the SMTP handshake.
>
> That said, TLS
Following Dukhovni's analysis, I contacted the ISP hosting our
VPS mail server. They sent the following explanation for why
STARTTLS does not appear in the SMTP handshake, but Google
insists our emails were delivered over TLSv1.3 in accordance with
their MTA-STS policy.
"All outgoing mail fro
On 5/13/25 15:04, Viktor Dukhovni via Postfix-users wrote:
On Tue, May 13, 2025 at 02:43:52PM +0200, Gregory Kohring via Postfix-users
wrote:
posttls-finger -F /etc/ssl/certs/ca-certificates.crt -lsecure -Lsummary
"[gmail-smtp-in.l.google.com]"
posttls-finger: initializing the client-side TL
On Tue, May 13, 2025 at 02:43:52PM +0200, Gregory Kohring via Postfix-users
wrote:
> posttls-finger -F /etc/ssl/certs/ca-certificates.crt -lsecure -Lsummary
> "[gmail-smtp-in.l.google.com]"
>
> posttls-finger: initializing the client-side TLS engine
> posttls-finger: Connected to gmail-smtp-in.
On 5/13/25 14:16, Viktor Dukhovni via Postfix-users wrote:
On Tue, May 13, 2025 at 01:44:14PM +0200, Gregory Kohring via Postfix-users
wrote:
More likely misconfiguration, or perhaps some middlebox between you and
Gmail. Test with:
$ posttls-finger -c -F /etc/ssl/cert.pem -lsecure -
On Tue, May 13, 2025 at 01:44:14PM +0200, Gregory Kohring via Postfix-users
wrote:
> > More likely misconfiguration, or perhaps some middlebox between you and
> > Gmail. Test with:
> >
> > $ posttls-finger -c -F /etc/ssl/cert.pem -lsecure -Lsummary
> > "[gmail-smtp-in.l.google.com]"
> >
On 5/13/25 13:10, Viktor Dukhovni via Postfix-users wrote:
On Tue, May 13, 2025 at 12:23:40PM +0200, Gregory Kohring via Postfix-users
wrote:
Gmail's MTA-STS policy says that all mails sent to Google must be over TLS.
No, it says no such thing, rather it provides the parameters
necessary t
On Tue, May 13, 2025 at 12:23:40PM +0200, Gregory Kohring via Postfix-users
wrote:
> Gmail's MTA-STS policy says that all mails sent to Google must be over TLS.
No, it says no such thing, rather it provides the parameters
necessary to upgrade from opportunistic TLS to MTA-STS when
the client supp
12 matches